1. Field of the Invention
The present invention relates in general to network monitoring and information management for identifying threats and other types of events of interest and, more particularly, to assessing and assigning risk levels to identified threats and events to allow personnel to more efficiently address such threats and events.
2. Relevant Background
Modern organizational infrastructures (e.g., made up of routers, switches, file servers, and the like) constantly generate large volumes of data (e.g., log messages, machine-readable data, etc.) that is typically analyzed by various types of security and event management products that are configured to intelligently process the data to identify various events of interest. For instance, many such products include a user interface in the form of a dashboard that allows troubleshooters and other entity personnel to view a display (e.g., list, map, etc.) of such identified events and take remedial action if necessary. Each graphically displayed event may include or allow the personnel to view various types of information including but not limited to a classification of the event (e.g., “compromise,” “denial of service,” etc.), normalized time stamps corresponding to when the event was first detected, a source of the data, etc. Personnel may also be able to drill down into the event on the dashboard to obtain more detailed information such as the original (e.g., pre-processed or raw) data, metadata about the same, and/or the like.